Greg-CNS,
I'll approach the 3rd Party directly to see re what (if any) progress they're making towards their App (which, by the way, I've confirmed they recommended use of IMAP to keep their software's local mail cache footprint size down) using Modern Auth, as that would definitely be a big one, as I could then seriously push to use the KIOSK A/c, & as you say, SMTP AUTH & hopefully - job done & customer (hopefully) happy too.... BUT .... to keep SMTP AUTH with Basic, one has to disable Security Defaults, thus one loses the ability of the Authenticator being required ...... unless one can enforce that on the 2 A/cs (not use SMTP AUTH at all on those) & have the KIOSK A/c with SMTP AUTH & Basic ....... in which case - phew, possibly....
There is no issue running SMTP Basic AUTH and requiring MFA for other mailboxes. Security Defaults are just that, the defaults. You can disable it and then configure SMTP basic AUTH on a per-mailbox basis. At the same time you can also configure to require MFA per-user via MFA settings or via Conditional Policies. If you configure MFA via MFA settings, App Passwords will be available.
Review if the goal is possible.
https://docs.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online?redirectSourcePath=%252farticle%252f58018196-f918-49cd-8238-56f57f38d662
https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365
It looks like the first goal needs Modern authentication turned on to work, and the 2nd goal will not work if modern authentication is turned on.
In that case, the two goals are contradictory.
Not sure what you mean here. What escapes most people is that SMTP AUTH supports both basic authentication and modern auth (OAuth). As far as I have tried, currently you have to enable SMTP Basic Auth in order for SMTP AUTH + OAuth to work. But I see no contradiction between these two documents.
Looks like I could be wrong: https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-connect-mailbox-pop-imap-outlook says that you should be able to connect via SMTP OAuth even when SmtpClientAuthenticationDisabled is set to true.
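
The per-mailbox SMTP AUTH setup discussed in this thread can be expressed in Exchange Online PowerShell as below. This is an added example, not a post from the thread; the kiosk address is a placeholder, and it assumes the ExchangeOnlineManagement module and an admin sign-in.

```powershell
# Added example. $KioskMailbox is a placeholder, not a value from the thread.
$KioskMailbox = 'kiosk@example.com'

Connect-ExchangeOnline

# 1. Keep SMTP AUTH disabled as the organization-wide default.
Set-TransportConfig -SmtpClientAuthenticationDisabled $true
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled

# 2. Override the default only for the mailbox the third-party app sends from.
#    $false = SMTP AUTH allowed for this mailbox; $null = inherit the org default.
Set-CASMailbox -Identity $KioskMailbox -SmtpClientAuthenticationDisabled $false

# 3. Audit: list every mailbox carrying an explicit "enabled" override.
#    Mailboxes that inherit the default have $null here and are not matched.
$enabled = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.SmtpClientAuthenticationDisabled -eq $false } |
    Select-Object -ExpandProperty PrimarySmtpAddress

# 4. Flag anything other than the kiosk mailbox so the exception stays scoped.
$unexpected = $enabled | Where-Object { $_ -ne $KioskMailbox }
if ($unexpected) {
    Write-Warning "SMTP AUTH is enabled on unexpected mailboxes:"
    $unexpected | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Output "SMTP AUTH is enabled only on $KioskMailbox."
}

Disconnect-ExchangeOnline -Confirm:$false
```

Running the audit step on a schedule shows whether the exception has spread beyond the one mailbox that needs it.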